File name: Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91

Full analysis: https://app.any.run/tasks/af0b2c6a-c53c-47a9-ba4e-630b9f4aa2d4
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: May 15, 2025, 14:39:47
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: stealer, delphi, inno, installer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5: 4351880FF248144B264A40C1B17770E1
SHA1: 03628A8470A7D303583B02322B246A539B042724
SHA256: AE93FCC51EE960C8DA7D9A1FC4A83EBE429DFCA2062985C57BEC27037CFF1D91
SSDEEP: 196608:U3MaIQyHXxaKkDph3QK1wzFAPbgLRqZUTgjqO7ZIXc1wJXQnnfT:aMa4XxfKph3QK1iFSb2qZUTwqO7OZX2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Steals credentials from Web Browsers

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe (PID: 2096)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe (PID: 960)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Reads security settings of Internet Explorer

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 5072)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Reads the Windows owner or organization settings

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Process drops SQLite DLL files

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Reads the BIOS version

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • There is functionality for taking screenshots (YARA)

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • There is functionality for communication over UDP network (YARA)

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Reads browser cookies

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
  • INFO

    • Creates files in a temporary directory

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe (PID: 2096)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe (PID: 960)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Checks supported languages

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe (PID: 2096)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe (PID: 960)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 5072)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Reads the computer name

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 5072)
    • Process checks computer location settings

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 5072)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • The sample is compiled with English language support

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Reads Environment values

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Checks proxy server information

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Reads the machine GUID from the registry

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Reads the software policy settings

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
      • slui.exe (PID: 4488)
    • Detects InnoSetup installer (YARA)

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe (PID: 2096)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 5072)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe (PID: 960)
    • Compiled with Borland Delphi (YARA)

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 5072)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe (PID: 960)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe (PID: 2096)
    • Creates files in the program directory

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
    • Creates files or folders in the user directory

      • Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp (PID: 2432)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (42.6)
.exe | Win16/32 Executable Delphi generic (19.5)
.exe | Generic Win/DOS Executable (18.9)
.exe | DOS Executable Generic (18.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:04:06 14:39:04+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 66560
InitializedDataSize: 438272
UninitializedDataSize: -
EntryPoint: 0x117dc
OSVersion: 5
ImageVersion: 6
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 12.0.1.0
ProductVersionNumber: 12.0.1.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Auslogics
FileDescription: Auslogics Disk Defrag Installation File
FileVersion: 12.x
LegalCopyright: Copyright © 2008-2025 Auslogics Labs Pty Ltd
ProductName: Auslogics Disk Defrag
ProductVersion: 12.0.1.0
OriginalFileName: disk-defrag-setup.exe
InternalName: disk-defrag-setup
All screenshots are available in the full report
Total processes: 128
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 1


Process information

PID: 960
CMD: "C:\Users\admin\Desktop\Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe" /SPAWNWND=$702B0 /NOTIFYWND=$9014C
Path: C:\Users\admin\Desktop\Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe
Parent process: Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp
User: admin
Company: Auslogics
Integrity Level: HIGH
Description: Auslogics Disk Defrag Installation File
Version: 12.x
Modules (images):
c:\users\admin\desktop\sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll

PID: 2096
CMD: "C:\Users\admin\Desktop\Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe"
Path: C:\Users\admin\Desktop\Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe
Parent process: explorer.exe
User: admin
Company: Auslogics
Integrity Level: MEDIUM
Description: Auslogics Disk Defrag Installation File
Version: 12.x
Modules (images):
c:\users\admin\desktop\sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll

PID: 2432
CMD: "C:\Users\admin\AppData\Local\Temp\is-728H3.tmp\Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp" /SL5="$1002B2,24355011,505856,C:\Users\admin\Desktop\Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe" /SPAWNWND=$702B0 /NOTIFYWND=$9014C
Path: C:\Users\admin\AppData\Local\Temp\is-728H3.tmp\Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp
Parent process: Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-728h3.tmp\sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll

PID: 4488
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 5072
CMD: "C:\Users\admin\AppData\Local\Temp\is-IF0HG.tmp\Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp" /SL5="$9014C,24355011,505856,C:\Users\admin\Desktop\Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-IF0HG.tmp\Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp
Parent process: Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-if0hg.tmp\sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
Total events: 8 351
Read events: 8 344
Write events: 7
Delete events: 0

Modification events

(PID) Process: (2432) Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Auslogics\Disk Defrag\12.x\Settings
Operation: write
Name: General.Tracking.URLMarkers
Value: diskdefragnosid

(PID) Process: (2432) Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2432) Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2432) Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2432) Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6D484312-1B14-96B5-2103-31B346D1CE61}\Version
Operation: write
Name: Assembly
Value:
6439EB7E2F3A221EA8070548D31E5F006439EB7E2F3A221EA8070548D31E5F0088AD8CBB5ED3F66B83A8A2CDF194269C890BB34AEBD806E41A50D3BD9C0B4765219909F09E75DEC0927FF4E8152284CD219909F09E75DEC0927FF4E8152284CD59B5414605BAE21E9735786EB516D3F8DE1283C2AFF9BF99D33ED2740C86BBD2F8157495FE950FA4A01046BB55F00DAD0F20AA1B1ADFE602954529934D03147D

(PID) Process: (2432) Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Auslogics\Disk Defrag\12.x\Settings
Operation: write
Name: General.Language
Value: ENU

(PID) Process: (2432) Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Auslogics\Disk Defrag\12.x\Settings
Operation: write
Name: General.Analytics.GAUserCountryCode
Value: IQ
Executable files: 16
Suspicious files: 18
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2432 | Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp | C:\Users\admin\AppData\Local\Temp\is-T0I6U.tmp\Integrator.exe | executable
MD5:6C68C9F2308B42B11D29229D7468B0A5
SHA256:BCF9AF625A612F5C84940E195C68D85AB32D24337D22983CC61F2BC60204DD2D
2432 | Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp | C:\Users\admin\AppData\Local\Temp\is-T0I6U.tmp\AxComponentsVCL.bpl | binary
MD5:7E05581828F02177F0531851A64D008A
SHA256:132618505FD4A15618916C2D1FEBE89B279FBBA259A3544044E8121AB7DC93FD
2432 | Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp | C:\Users\admin\AppData\Local\Temp\is-T0I6U.tmp\SetupCustom.dll | executable
MD5:62A8EDE79D2A3571BC989654875BF18D
SHA256:24E7E353E1F2C89AA145DF2AFC538D4FD8A9EC46EC7FE8610351DEFE830DD392
2432 | Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp | C:\Users\admin\AppData\Local\Temp\is-T0I6U.tmp\Localizer.dll | executable
MD5:CF2A768A4A795E3BFA42021037C1AF59
SHA256:2A50B6D34FB593FA37D3674EABEB400A3E599E07F8BD9AF19F9FF12C74C1028E
2432 | Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp | C:\Users\admin\AppData\Local\Temp\is-T0I6U.tmp\GoogleAnalyticsHelper.dll | executable
MD5:CF027CF733CE4B28740926D18D9C6B1E
SHA256:CB560167F2818E70AACF4B2B3D51B2F340EC5745AA184D53CC32823167BCEE59
2432 | Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp | C:\Users\admin\AppData\Local\Temp\is-T0I6U.tmp\CommonForms.Site.dll | executable
MD5:AB89F3299208DCD40866EACC1FA4E457
SHA256:8521176B13CE0C53C4F250D576241ECB351945E412AFC850204215CC9DED09CF
2432 | Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp | C:\Users\admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat | -
MD5:
SHA256:
2432 | Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp | C:\Users\admin\AppData\Local\Temp\is-T0I6U.tmp\AxComponentsRTL.bpl | executable
MD5:7D06657F6C1108C299AC61F1340F0353
SHA256:13921DC268C861FB4C38E20CFDABD3194E19DC5A7F3ADD001AF25933BF37EA13
2432 | Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp | C:\Users\admin\AppData\Local\Temp\is-T0I6U.tmp\rtl250.bpl | executable
MD5:942CC74B7EF66B51859D135FA3BC8BB2
SHA256:66F2F6B2E8C24827D63F6415094AE40FDDD50F30E097CDA395CC0116D57356A6
2432 | Sigmanly_ae93fcc51ee960c8da7d9a1fc4a83ebe429dfca2062985c57bec27037cff1d91.tmp | C:\Users\admin\AppData\Local\Temp\is-T0I6U.tmp\sqlite3.dll | executable
MD5:AEE15F6CDDD77FEE25810C3BF0C3633C
SHA256:F77427D7F9DC5075684D562BCA4D71A2064BB92D40C8A83A4FBD8F889A7BCEC2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 11
TCP/UDP connections: 57
DNS requests: 18
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5776 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl | unknown | - | - | whitelisted
5776 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
5776 | SIHClient.exe | GET | 200 | 2.19.11.120:80 | http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl | unknown | - | - | whitelisted
5776 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.1.crl | unknown | - | - | whitelisted
5776 | SIHClient.exe | GET | 200 | 2.19.11.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl | unknown | - | - | whitelisted
5776 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 104.119.109.218:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
2104 | svchost.exe | GET | 200 | 104.119.109.218:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 2.20.245.137:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
2104 | svchost.exe | GET | 200 | 2.20.245.137:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
(- marks a field the report leaves empty.)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 4.231.128.59:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 20.190.160.128:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
2104 | svchost.exe | 2.20.245.137:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 2.20.245.137:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
2104 | svchost.exe | 104.119.109.218:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
- | - | 104.119.109.218:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
6544 | svchost.exe | 20.190.160.128:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3216 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
(- marks a field the report leaves empty.)

DNS requests

Domain
IP
Reputation
login.live.com
  • 20.190.160.128
  • 20.190.160.3
  • 40.126.32.72
  • 20.190.160.65
  • 40.126.32.133
  • 20.190.160.20
  • 40.126.32.136
  • 40.126.32.140
whitelisted
client.wns.windows.com
  • 172.211.123.249
  • 172.211.123.248
whitelisted
google.com
  • 142.250.185.110
whitelisted
crl.microsoft.com
  • 2.20.245.137
  • 2.20.245.139
  • 2.19.11.120
  • 2.19.11.105
whitelisted
www.microsoft.com
  • 104.119.109.218
  • 2.23.246.101
whitelisted
www.auslogics.com
  • 45.79.82.237
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 13.85.23.206
whitelisted
activation-v2.sls.microsoft.com
  • 40.91.76.224
whitelisted

Threats

No threats detected
No debug info